Why use krb5_set_real_time() instead of NTP ?
Andrew Bartlett
abartlet at samba.org
Wed May 10 05:10:29 GMT 2006
On Tue, 2006-05-09 at 22:01 -0700, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Luke Howard wrote:
>
> > Well, you don't have to change the system time (of course whether
> > you securely know what the KDC time is is another matter).
> >
> >>From the Heimdal code:
> >
> > /*
> > * Set the absolute time that the caller knows the kdc has so the
> > * kerberos library can calculate the relative diffrence beteen the
> > * KDC time and local system time.
> > */
> >
>
> Luke,
>
> Maybe I'm being dense here, but is this really the case of
> a user space application working around trying to work around
> an unsynchronized system clock on the client ?
Yes, it is dealing with an unsynchronised clock between itself and the
KDC. Yes, the admin should have the clocks in sync. Windows AD
networks run something almost but not entirely like NTP automatically to
avoid this problem.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20060510/195939e6/attachment.bin
More information about the samba-technical
mailing list